Blowfish support in crypt() (glibc) ?

Miguel Bazdresch lfs-01 at
Tue Jun 8 05:01:16 PDT 2004

* Robert Connolly <robert at> [2004-06-08 11:30]:
> On June 7, 2004 10:05 am, Bennett Todd wrote:
> > What's the problem with MD5 in passwd?
> "The problem of attacking MD5 is no longer a theoretical matter - it is a 
> business proposition."

As far as I can see they're trying to find a collision in MD5, and
haven't found it yet, so it's still speculation.

Also, this doesn't address the use of MD5 in passwd, only on digital
certificates. It's not the same problem, because if an attacker has
access to your shadow file, you're screwed anyway. Or am I wrong?

Miguel Bazdresch

More information about the hlfs-dev mailing list